INTERNET-DRAFT Zachary Beese Intended Status: Proposed Standard Gregory Barton Expires: October 6, 2016 April 4, 2016 Open Source Software Manifest Retrieval from a Headless Device draft-beese-opsawg-ossman-00 Abstract In commercial embedded systems utilizing open source, there are legal requirements to make open source software utilized in a product known. Headless devices have no UI to display an open source manifest. Additionally, printed manuals become out of date as software updates occur throughout the product lifetime. This standard intends to create a common method of retrieving open source manifests directly from an embedded device utilizing Ethernet or Wi- Fi. Status of this Memo This Internet-Draft is submitted to IETF in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/1id-abstracts.html The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html Copyright and License Notice Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved. Zachary Beese Expires October 2, 2016 [Page 1] INTERNET DRAFT O.S.S. Manifests from Headless Devices March 31, 2016 This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1 Terminology . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 3 Security Considerations . . . . . . . . . . . . . . . . . . . . 4 4 IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 4 5 References . . . . . . . . . . . . . . . . . . . . . . . . . . 5 5.1 Normative References . . . . . . . . . . . . . . . . . . . 5 5.2 Informative References . . . . . . . . . . . . . . . . . . 5 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 5 Zachary Beese Expires October 2, 2016 [Page 2] INTERNET DRAFT O.S.S. Manifests from Headless Devices March 31, 2016 1 Introduction To comply with various governmental legal requirements around using open source software, it is fairly routine to make open source software manifests available to anyone asking for it. On devices with built-in displays, the display can visually present the user with an open source manifest. However, on headless devices, another mechanism must be used. This draft outlines a few methods make the open source mainfest readily available through the embedded device's communications ports. 1.1 Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119]. O.S.S. stands for Open Source Software. Zachary Beese Expires October 2, 2016 [Page 3] INTERNET DRAFT O.S.S. Manifests from Headless Devices March 31, 2016 2. Protocol If the device has an ethernet connection, the user may attach a mobile device to the device utilizing ethernet. Likewise, if Wi-Fi is in use, the user could attach a mobile device to the same Access Point the device is on [or attach to the embedded device acting as an access point]. To remove the reliance on IP addressing schemes, a multicast address and associated UDP port number is suggested: 239.79.83.83 [239.O.S.S] and port YYYYY. A request from the client to port YYYYY on 239.79.83.83 with any payload will trigger a multicast reply to the same multicast IP address on 239.79.83.83 and port YYYYY containing a JSON document: {"oss": { "": { "Version": "", "License Type": "", "URL": "", [...] } "": { "Version": "", "License Type": "", "URL": "", [...] } }} The user's mobile device may collect all responses from any devices on a subnet and display results to the user. 3 Security Considerations UDP listening port only listens for multicast on port XXXXX. Replies can be throttled to only allow Y datagrams per second to prevent flooding attacks. 4 IANA Considerations Port number XXXXX should be reserved for this protocol standard. Multicast IP Address 239.79.83.83 should be reserved for this protocol standard. Zachary Beese Expires October 2, 2016 [Page 4] INTERNET DRAFT O.S.S. Manifests from Headless Devices March 31, 2016 5 References 5.1 Normative References [KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC1776] Crocker, S., "The Address is the Message", RFC 1776, April 1 1995. [TRUTHS] Callon, R., "The Twelve Networking Truths", RFC 1925, April 1 1996. 5.2 Informative References [EVILBIT] Bellovin, S., "The Security Flag in the IPv4 Header", RFC 3514, April 1 2003. [RFC5513] Farrel, A., "IANA Considerations for Three Letter Acronyms", RFC 5513, April 1 2009. [RFC5514] Vyncke, E., "IPv6 over Social Networks", RFC 5514, April 1 2009. Authors' Addresses Zachary Beese 4052 114th Street Urbandale, IA 50322 EMail: BeeseZacharyE@JohnDeere.com Gregory Barton 4052 114th Street Urbandale, IA 50322 EMail: BartonGregoryJ@JohnDeere.com Zachary Beese Expires October 2, 2016 [Page 5]